• Home
• org.sonarsource.java
• java-checks
• 3.13
• source code
• S3318.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.l10n.java.rules.squid.S3318.html Maven / Gradle / Ivy

Data in a web session is considered inside the "trust boundary". That is, it is assumed to be trustworthy. But storing unvetted data from an unauthenticated user violates the trust boundary, and may lead that that data being used inappropriately.
This rule raises an issue when data from Cookies or HttpServletRequests is stored in a session. 
Noncompliant Code Example

login = request.getParameter("login");
session.setAttribute("login", login);  // Noncompliant

See


 MITRE, CWE-501 - Trust Boundary Violation